Change /logout from GET to POST (#515)

2015-10-26 23:21:09 -07:00 · 2015-10-26 23:21:09 -07:00 · 26e8660af4
commit 26e8660af4
parent 50ca141f1d
3 changed files with 16 additions and 4 deletions
--- a/templates/nav.jade
+++ b/templates/nav.jade
@ -67,8 +67,10 @@ mixin navloginform(redirect)


 mixin navlogoutform(redirect)
-  p#logoutform.navbar-text.pull-right
+  form#logoutform.navbar-text.pull-right(action="/logout", method="post")
+    input(type="hidden", name="dest", value=baseUrl + redirect)
+    input(type="hidden", name="_csrf", value=csrfToken)
    span#welcome Welcome, #{loginName}
    span &nbsp;&middot;&nbsp;
-    a#logout.navbar-link(href="/logout?dest=#{encodeURIComponent(baseUrl + redirect)}&_csrf=#{csrfToken}") Logout
+    input#logout.navbar-link(type="submit", value="Logout")